If the programmer had done a check for NULL, or if they used modern tooling that checks these sorts of things, it could have been caught. But somehow it made it into production and then got pushed as a forced update by CrowdStrike... OOPS!
The fix going forward is that Microsoft needs to have better policies to roll back defective drivers and not just raw dog risky updates to customers. CrowdStrike will likely promote their code safety officer to put in code sanitization tools that will catch this automatically.
CrowdStrike will likely consider rewriting its system driver from C++ to a more modern language like Rust, which doesn't have this problem.
For people looking for a conspiracy, the replacement language for C++, Rust, is compromised by a cabal of woke tards that are doing strange things. This could be a plot to move mission-critical code to Rust. It's the only language Linux allows other than C. But who knows.
C++ is hard. Maybe they have a DEI engineer who did this, but for mission-critical software like this, CrowdStrike should have set up automated testing using address sanitizer and thread sanitizer that runs on every code update.
An alternative hypothesis.
What does the CrowdStrike CEO have to say about this mess?
What is known about CrowdStrike involvement in politics and elections?
Trump Conspiracy Theory: During the 2020 US presidential election, conspiracy theories emerged claiming that CrowdStrike, a cybersecurity firm, had fabricated evidence of Russian interference in the election. The company was accused of being biased against Donald Trump and his campaign. This controversy resurfaced in July 2024, with social media platforms like Facebook and X seeing renewed criticism about CrowdStrike’s role in the 2016 election.
Partisan Allegations: Some critics have accused CrowdStrike of having political leanings, particularly during the 2016 US presidential election, when the company attributed the DNC hack to Russian intelligence services. This attribution was disputed by then-President Donald Trump and his supporters, who claimed that CrowdStrike was biased against Trump and his campaign. CrowdStrike’s CEO testified that the firm had no specific evidence to support the claim of a Russian intelligence service hack, which testimony was classified by Congressman Adam Schiff and then declassified when Republicans gained control of the House of Representatives.
In 2016, CrowdStrike was hired by the Democratic National Committee (DNC) to investigate a suspected breach. The company’s incident response team and technology identified the adversaries on the network, which were later attributed to two groups: COZY BEAR and FANCY BEAR, both linked to Russian intelligence.
Key Findings
CrowdStrike’s analysis concluded that Russia was behind the DNC hack, a conclusion supported by the U.S. Intelligence community and independent Congressional reports.
The company identified indicators of exfiltration (IOCs) and confirmed that data had left the network.
Shawn Henry, CrowdStrike’s former President and GM of Services, testified to the House Intelligence Committee that the company had IOCs and that data had clearly left the network.
Timeline
April 30, 2016: CrowdStrike was contacted by the DNC to respond to a suspected breach.
May 1, 2016: CrowdStrike began collecting intelligence and analyzing the breach.
June 10, 2016: CrowdStrike initiated a coordinated remediation event to ensure the intruders were removed and could not regain access.
June 14, 2016: CrowdStrike published its investigation report, concluding that Russia was behind the hack.
Notable Events
The DNC hack played a role in the first impeachment of Donald Trump, with former President Trump mentioning CrowdStrike during a call to Ukrainian President Volodymyr Zelensky in 2016.
Speaking for myself, once again, I am struck that the same recurring central clusterfrack (summarized by the Venn diagram below) applies. This is what is causing enshittification to be such a routine problem in modern life —the same set of overlapping forces that are at the heart of the ongoing controversies concerning the assassination attempt on President and Candidate Donald Trump.
As an aside, I recommend reading this substack essay and this substack essay to summarize the latest alternative theories concerning that situation.
